echo "Software Security" | sed s/\ /\ Vulnerabilities\ and\ /g

CS 5770: Software Vulnerabilities and Security (SoftVulnSec)

Northeastern Huskies Boston Strong Boy Router

Instructor

Engin Kirda

For correspondence, send a mail to ek@ccs.neu.edu

Office Hours: Tuesdays, 3:50-4:50pm

News

  1. 11.26.2013 Challenge 8 is online. Use your husky credentials to access the specification.
  2. 11.05.2013 Challenge 6 is online. Use your husky credentials to access the specification.
  3. 10.22.2013 Challenge 5 is online. Use your husky credentials to access the specification.
  4. 10.15.2013 Bonus challenge information sent out. Good luck.
  5. 10.09.2013 Challenge 4 is online. Use your husky credentials to access the specification.
  6. 10.02.2013 Challenge 3 is online. Use your husky credentials to access the specification.
  7. 09.24.2013 Challenge 2 is online. Use your husky credentials to access the specification.
  8. 09.17.2013 Challenge 1 is online. Use your husky credentials to access the specification.
  9. 09.05.2013 The course website has now been updated. The first lecture will be on Tuesday, 11th of September.
  10. 09.10.2013 The course website is online and updated.

Abstract

Internet security has become part of everyday life where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect systems, information about what are the actual vulnerabilities and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of attacks is a prerequisite for the design and implementation of secure systems.

This course deals with common programming, configuration, and design mistakes and ways to detect and avoid them. Examples are used to highlight general error classes, such as stack and heap overflows. Possible protection and detection techniques are examined. The course includes a number of practical lab assignments where participants are required to apply their knowledge as well as a discussion of the current research in the field. Students will learn how the security of systems can be violated, and how such attacks can be detected and prevented.

The course aims to make the students "security aware", and gain an in-depth understanding about security issues.

Some Topics

  • Operating system security and vulnerabilities (UNIX, Windows, stack and heap overflows)
  • Windows Security
  • Buffer Overflows (including Heap overflow)
  • Testing
  • Reverse engineering and binary analysis
  • Viruses, worms, malware and malicious code
  • Botnets
  • Language security
  • Web security

Prerequisites

Significant Programming experience (this course is not for you if you are a beginner)
Knowledge of C/C++ useful
Basic SQL knowledge
Basic web programming knowledge

Dates and Times

Tuesdays, 6-9pm, Kariotis Hall 011

Slides and Schedule

(Use your authentication credentials for the lab to access the material)

12.10.2013 Final exam (Covers material from Class 7-12)
12.03.2013 Class 12 ([download slides])
11.26.2013 Class 11 // Quiz 3 // ([download slides])
11.19.2013 Class 10 ([download slides])
11.12.2013 Class 9 // Quiz 2 // ([download slides])
11.05.2013 Class 8 ([download slides])
10.29.2013 Midterm (Covers material from Class 1-6)
10.22.2013 Class 7 ([download slides])
10.15.2013 Class 6 ([download slides])
10.08.2013 Class 5 ([download slides])
10.01.2013 Class 4 / Quiz 1 // ([download slides])
09.24.2013 Class 3 ([download slides])
09.17.2013 Class 2 ([download slides])
09.10.2013 Class 1 ([download slides])

Practical Challenges (Assignments)

Students will "need" to solve a set of practical challenges (assignments) in the lab part of the course.


The current challenge is Challenge 8.

Grading

The course grade will be based on:

10%: 3 Quizzes
27%: Midterm exam
30%: Final exam
3%: Participation
30%: 8 practical security challenges

Registration

Registration details will be announced via e-mail to the registered participants.
Last Modified: Tue Dec 3 19:53:33 EST 2013


Northeastern University, Boston, http://www.neu.edu